DETROIT: THE CONSPIRATORS BEHIND THE

LARGEST MUNICIPAL BANKRUPTCY

PROCEEDING IN US HISTORY

November 28 , 2013

Two weeks of testimony in the Detroit bankruptcy case have exposed the premeditated character of the July 18 decision by Emergency Manager Kevyn Orr to initiate the largest municipal bankruptcy proceeding in US history. The bankruptcy, which is being backed by the Obama administration, was not necessitated by financial imperatives; instead it was a political decision—long in preparation—which was aimed at setting a precedent for the ripping up of the wages, pensions and benefits of city workers, and selling off of public assets like the masterpieces of the Detroit Institute of Arts.

The evidence presented in the testimony brought to light the extent to which, starting with its January 2011 inauguration, the administration of Michigan’s Republican governor Rick Snyder gathered around it a virtual shadow government of law firms, private consultants, investment bankers and top officials from both the Democratic and Republican parties. Their plan was to use the state’s anti-democratic emergency manager law to install an unelected financial dictator in Detroit who would use the bankruptcy courts to override every obstacle to the wholesale looting of the city by the big banks and corporations.

Part one of the “Who’s Who” of the main players in the Detroit bankruptcy included profiles of Emergency Manager Keyvn Orr, Michigan Governor Rick Snyder and former State Treasurer Andy Dillon. Part two profiled Snyder’s top political aide Richard Baird, US bankruptcy Judge Steven Rhodes and Detroit Mayor David Bing. The third and final installment describes the role of top trade union officials in the bankruptcy.

Al Garrett, American Federation of State, County and Municipal Employees (AFSCME) Council 25 president

The American Federation of State, County and Municipal Employees, led in Detroit by AFSCME Council 25 President Al Garrett, is the largest public sector union in the city. In the years leading up to the bankruptcy and the months that have followed AFSCME has not organized a single significant demonstration, let alone strike, to defend city workers or public services.

Allied with the Obama administration and the Democrats on the national and local level, AFSCME has joined in the effort to force workers to pay for the financial crisis produced by decades of pro-corporate policies overseen by subsequent Democratic-controlled city administrations.

AFSCME blocked any fight against Mayor David Bing and his predecessor Kwame Kilpatrick as they reduced the municipal workforce from 18,000 in 2005 to less than 10,000 in 2013. Instead they have collaborated in the imposition of savage wage and benefit concessions, which have reduced labor costs by a third over the last five years alone. In February 2012, in an effort to persuade Republican Governor Rick Snyder to postpone his plans to install an emergency manager in the city, AFSCME led a coalition of 30 unions, which offered to impose $180 million in concessions on their members.

When resistance by workers broke out—including the October 2012 strike by hundreds of Detroit Water and Sewerage Department workers against the outsourcing of 80 percent of their jobs—Garrett and other AFSCME leaders moved quickly to suppress it. Amid shouts of “back-stabber” and “sellout” by rank-and-file workers, Garrett showed up at the picket line with a court injunction telling workers they would be fired if they continued to strike and the union would do nothing to defend them. AFSCME Local 207 leadership immediately shut down the strike, leaving dozens of workers victimized.

Under the guise of opposing the appointment of an emergency manager Garrett joined with sections of the black Democratic Party political establishment in Detroit—including Councilwoman Joanne Watson—and Al Sharpton’s National Action Coalition to denounce the state intervention as “racist.” Opposing any genuine struggle to unite the working class throughout the metro Detroit area to fight the imposition of a bankers’ dictatorship, Garrett proclaimed that the continued rule of bought-and-paid for politicians like Mayor Bing and the City Council represented “self-determination” for the people of Detroit.

During the bankruptcy proceedings attorneys for AFSCME bitterly criticized Michigan State Treasurer Andy Dillon for nixing the unions’ concessions proposal in February 2012, and they have argued that Orr refused to hold “good faith” negotiations with them before declaring bankruptcy. Garrett’s special assistant, Ed McNeil—who also sits on a committee appointed by the court to represent 21,000 retired city workers—has been the most vocal advocate of selling off the artwork of the Detroit Institute of Arts.

McNeil infamously said, “You can’t eat art” and claimed money from the sale of artwork would go to pay off the unfunded pensions of retirees and their families. In fact, Orr is determined to loot the artwork and destroy pensions in order to pay off the banks and bondholders who hold the city’s debt.

Moreover, far from defending the rights of pensioners, AFSCME has repeatedly demonstrated its willingness to gut retiree benefits as long as it continues to have a “seat at the table” with Orr. In his November 5 testimony during the bankruptcy eligibility trial, Steven Kreisberg, AFSCME director of collective bargaining, acknowledged that the tentative agreement proposed by the unions in February granted the city the right to change pensions, including ending additional payments to accrued pensions and setting up a defined contribution retirement plan for current employees to replace the employer-paid plan. He said the union did not believe this violated the clause in the state constitution that prohibits any reduction in public employee pensions.

Bob King, UAW president

Bob King is the president of the United Auto Workers. While the UAW represents only a couple hundred municipal workers and retirees in the city it has played a central political role in the Detroit bankruptcy.

A fixture in the Democratic Party establishment, King epitomizes the transformation of the labor “bureaucracy” into a affluent layer of businessmen who manage multi-billion dollar investment funds and function as cheap labor contractors for management. The son of a industrial relations director at Ford, King worked his way up the career ladder of the UAW apparatus by selling out one struggle of auto workers after another—from Rouge Steel to Ford—and dutifully serving the interest of the auto bosses. In a 2010 speech, he declared, “the 21st-century UAW no longer views these managements as our adversaries or enemies, but as partners” sharing a common goal of “flexibility, innovation, lean manufacturing and continuous cost improvement.”

King has said the Obama administration’s forced bankruptcy and restructuring of General Motors and Chrysler in 2009 should be a model for Detroit. “If we restructure the city just like we restructured the auto industry, there’s hope that Detroit, too, can see a turnaround,” King told In These Times magazine. Pointing to the $180 million concessions package proposed by AFSCME and the UAW, he said, “We agreed that the unions should collaborate with the city and try to make these savings happen.”

In the restructuring of the auto industry, the UAW agreed to White House demands for the halving of wages of new hires, the elimination of the eight-hour day, the gutting of health care benefits and the wiping out of tens of thousands of jobs. In exchange for selling out its members, the UAW was rewarded with control of a multi-billion dollar retiree health care trust fund—known as a Voluntary Employees’ Beneficiary Association or VEBA—and a substantial ownership stake in the Detroit Big Three automaker, including 40 percent of Chrysler’s corporate shares.

By helping reduce labor costs by a staggering 30 percent over the last five years, the UAW paved the way for the auto companies to make huge profits, including $12 billion in 2012 alone. The “turnaround” of the auto industry hailed by King, however, has not led to any amelioration of the social misery or the financial crisis in Detroit. On the contrary, the only ones who have benefited are the corporate executives like Ford CEO Alan Mulally—who pocketed $30 million in 2011—big Wall Street investors and the UAW officials themselves.

In his November 12 testimony in the bankruptcy hearings, Michael Nicholson, the general counsel for UAW International, said the UAW had a long and friendly relationship with the Jones Day law firm—dating back to various bankruptcy negotiations, including at auto supplier Dana, which resulted in “well-funded VEBAs.”

Nicholson said King authorized him to offer the Jones Day attorneys representing the city a similar cost-cutting deal, which would sharply reduce retiree health care costs by dumping these obligations into a VEBA trust fund controlled by the unions.

Class actions suits by retirees, Nicholson testified, were necessary to gain legal authority for the unions to negotiate reductions in benefits “on behalf of retired workers,” he said. “I told lawyers for Jones Day on July 11 that the UAW was willing to engage in class action to try to resolve the OPEB (Other Post-Employment Benefits) issue, and take leadership on this because we have done more of this than anyone in the country.”

“We told them we got this done quickly at GM, Ford and Chrysler,” Nicholson said, adding regretfully, “Orr never responded.”

Attackers could start to aggressively distribute this malware in the near future, Kaspersky Lab researchers warn

A new Trojan program that targets users of online financial services has the potential to spread very quickly over the next few months, security researchers warn.

The malware was first advertised on a private cybercrime forum in July, according to malware researchers from Kaspersky Lab who dubbed it Trojan-Banker.Win32/64.Neverquest.

"By mid-November Kaspersky Lab had recorded several thousand attempted Neverquest infections all around the world," said Sergey Golovanov, malware researcher at Kaspersky Lab, Tuesday in a blog post. "This threat is relatively new, and cybercriminals still aren't using it to its full capacity. In light of Neverquest's self-replication capabilities, the number of users attacked could increase considerably over a short period of time."

Neverquest has most of the features found in other financial malware. It can modify the content of websites opened inside Internet Explorer or Firefox and inject rogue forms into them, it can steal the username and passwords entered by victims on those websites and allow attackers to control infected computers remotely using VNC (Virtual Network Computing).

However, this Trojan program also has some features that make it stand out.

Its default configuration defines 28 targeted websites that belong to large international banks as well as popular online payment services. However, in addition to these predefined sites, the malware identifies Web pages visited by victims that contain certain keywords such as balance, checking account and account summary, and sends their content back to the attackers.

This helps attackers identify new financial websites to target and build scripts for the malware to interact with them.

Once attackers have the information they need to access a user's account on a website, they use a proxy server to connect to the user's computer via VNC and access the account directly. This can bypass certain account protection mechanisms enforced by websites because unauthorized actions like transferring money are done through the victim's browser.

"Of all of the sites targeted by this particular program, fidelity.com -- owned by Fidelity Investments -- appears to be the top target," Golovanov said. "This company is one of the largest mutual investment fund firms in the world. Its website offers clients a long list of ways to manage their finances online. This gives malicious users the chance to not only transfer cash funds to their own accounts, but also to play the stock market, using the accounts and the money of Neverquest victims."

The methods used to distribute Neverquest are similar to those used to distribute the Bredolab botnet client, which became one of the most widespread malware on the Internet in 2010.

Neverquest steals log-in credentials from FTP (File Transfer Protocol) client applications installed on infected computers. Attackers then use these FTP credentials to infect websites with the Neutrino exploit pack, which then exploits vulnerabilities in browser plug-ins to install the Neverquest malware on the computers of users visiting those sites.

The Trojan program also steals SMTP (Simple Mail Transfer Protocol) and POP (Post Office Protocol) credentials from email clients and sends them back to attackers so they can be used to send spam emails with malicious attachments. "These emails are typically designed to look like official notifications from a variety of services," Golovanov said.

In addition, Neverquest steals account log-in information for a large number of social networking websites and chat services accessed from infected computers. Those accounts could be used to spread links to infected websites with the intention to further spread Neverquest, even though Kaspersky Lab hasn't seen this method being used yet.

"As early as November, Kaspersky Lab noted instances where posts were made in hacker forums about buying and selling databases to access bank accounts and other documents used to open and manage the accounts to which stolen funds are sent," Golovanov said. "We can expect to see mass Neverquest attacks towards the end of the year, which could ultimately lead to more users becoming the victims of online cash theft."

Crimeware kit includes Bitcoin, Litecoin miner module

Atrax, sold for $250, offers a variety of other potent plugins

A new malicious software program, advertised for sale on underground forums, claims to mine and steal bitcoins, according to a Danish security company.

The Atrax malware is notable for its low US$250 price and use of TOR, short for The Onion Router, a privacy network that makes it difficult to track communications, wrote Jonas Monsted of CSIS in a blog post.

After seeing it advertised on Web forums, CSIS is looking for an active sample of Atrax to get a fuller understanding of its capabilities, Monsted wrote.

"We are looking at a new crimeware kit with a lot of different functions and plugins," he wrote.

Atrax, which is the name of a class of poisonous spiders found in Australia, falls into a class of "commercial" malware, created by coders and sold to other cybercriminals. Monsted wrote that Atrax comes with free updates, supports and bug fixes.

For an extra $110, Atrax's creators are offering a "stealer" plugin, which is capable of stealing bitcoin wallet files, which are small data files containing bitcoins.

Bitcoin software clients vary, and some wallet files require a password. But it appears Atrax would likely be capable of acquiring that password as well.

Atrax also has a virtual currency mining plugin, which costs $140. The plugin uses a victim's computer to mine for both bitcoin and litecoins, a spinoff virtual currency modeled on bitcoin.

Atrax communicates with its controllers using TOR, which encrypts outgoing information. Encryption masks information leaving a computer, making it unintelligible unless decrypted. Atrax's large file size, 1.2 MB, is apparently due to its TOR integration.